Bad Rabbit Ransomware


Systems Affected

According to the reports, Bad Rabbit only affects Windows computers.

Threat Level



Users are being infected through ads that display fake Adobe Flash software updates. When the fake update is downloaded and run, the computer is infected with ransomware and the user's files are encrypted.


Once a computer is compromised, the malware attempts to propagate through the network by exploiting the EternalBlue vulnerability in the SMB v1 protocol. In this sense, Bad Rabbit behaves similarly to both WannaCry and NotPetya. The cyber criminals behind Bad Rabbit lock computers down and demand 0.05 Bitcoin #( 220) from victims in exchange for the decryption key for their devices. According to the Bad Rabbit ransom screen, the fee will rise in the near future.
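The network propagation described above shows up in flow or firewall logs as one internal host contacting many peers on TCP port 445 in a short time. The following is an added example, not part of the original advisory, that flags such hosts; the log format, addresses, window and threshold are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample flow records (not real telemetry):
# "timestamp src_ip dst_ip dst_port action"
SAMPLE_LOG = """\
2017-10-24T10:00:01 10.0.0.15 10.0.0.21 445 ALLOW
2017-10-24T10:00:02 10.0.0.15 10.0.0.22 445 DENY
2017-10-24T10:00:03 10.0.0.15 10.0.0.23 445 ALLOW
2017-10-24T10:00:04 10.0.0.15 10.0.0.24 445 DENY
2017-10-24T10:00:05 10.0.0.15 10.0.0.25 445 ALLOW
2017-10-24T10:00:07 10.0.0.20 10.0.0.2 445 ALLOW
2017-10-24T10:00:09 10.0.0.20 10.0.0.2 445 ALLOW
2017-10-24T10:00:10 10.0.0.20 10.0.0.3 443 ALLOW
2017-10-24T09:00:00 10.0.0.30 10.0.0.41 445 ALLOW
2017-10-24T11:00:00 10.0.0.30 10.0.0.42 445 ALLOW
2017-10-24T13:00:00 10.0.0.30 10.0.0.43 445 ALLOW
2017-10-24T15:00:00 10.0.0.30 10.0.0.44 445 ALLOW
2017-10-24T17:00:00 10.0.0.30 10.0.0.45 445 ALLOW
truncated record
"""

def smb_fanout(lines, window=timedelta(seconds=60), threshold=5, port=445):
    """Map each source to its peak count of distinct SMB peers inside one
    time window, keeping only sources that reach the threshold."""
    per_src = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 5 or parts[3] != str(port):
            continue  # malformed record or not SMB
        try:
            when = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        # Denied attempts count too: a blocked probe is still a probe.
        per_src[parts[1]].append((when, parts[2]))
    alerts = {}
    for src, events in per_src.items():
        events.sort()
        start = peak = 0
        for end, (when, _) in enumerate(events):
            while when - events[start][0] > window:
                start += 1  # slide the window's left edge forward
            peak = max(peak, len({dst for _, dst in events[start:end + 1]}))
        if peak >= threshold:
            alerts[src] = peak
    return alerts
```

On the constructed sample, only 10.0.0.15 is flagged: the host that repeatedly contacts one file server and the host whose five SMB peers are spread over eight hours both stay below the threshold.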


Once infected with the ransomware, users lose access to their computers. They see a screen stating that their files are encrypted and that, to recover them, they must submit the payment to obtain the decryption password.

Solution/ Workarounds

Ensure you apply all updates on all your computers and devices. It is particularly important to apply the latest Microsoft updates. Do not run software updates that are prompted by a third-party site. If you do need to s website. Ensure your anti-virus software is running and up to date. Make sure you back up your system. Store your files securely offline. Consider removing Adobe Flash from your computer. This may affect functionality on some websites.



The information provided herein is on "as is" basis, without warranty of any kind.


© Copyright Sri Lanka CERT|CC. All Rights Reserved.